Defense Advanced Research Projects AgencyTagged Content List

Physical Security

Relating to the selective release of information and access to facilities

Showing 27 results for Security RSS
Electronic systems – from the processors powering smartphones to the embedded devices keeping the Internet of Things humming – have become a critical part of daily life. The security of these systems is of paramount importance to the Department of Defense (DoD), commercial industry, and beyond. To help protect these systems from common means of exploitation, DARPA launched the System Security Integration Through Hardware and Firmware (SSITH) program in 2017.
DARPA today announced that its first bug bounty program–Finding Exploits to Thwart Tampering (FETT)–has opened its virtual doors to a community of ethical hackers and cybersecurity researchers to uncover potential weaknesses within novel secure processors in development on the System Security Integration Through Hardware and Firmware (SSITH) program. DARPA has partnered with the Department of Defense’s Defense Digital Service (DDS) and Synack, a trusted crowdsourced security company on this effort.
Defense and commercial systems alike are riddled with legacy software that is difficult to modernize, enhance, and re-engineer, largely due to a lack of effective understanding of the underlying legacy code, which makes predicting the effect of modifications a challenge. From a defense perspective, there is a growing need to enhance or replace components of existing software in critical platforms and systems with more secure and performant code, as well as a desire to use legacy software on new hardware to improve system performance. When introducing enhancements or replacements into large legacy code bases however, there is a high risk that the new code will not safely compose with the rest of the system. Existing means of verifying that updated software is correct-by-construction focus on clean-slate software development, essentially limiting their effectiveness to software that is developed from scratch. Further, these methods assume an existing formal specification that is typically not available for a legacy system, and they require a certain level of expertise in formal methods not readily found in most developers.
June 15-29, 2020,
Virtual Capture-the-Flag Event
DARPA’s System Security Integration Through Hardware and Firmware (SSITH) program is focused on bolstering the security of electronic systems by developing hardware security architectures and tools that protect against common classes of hardware vulnerabilities exploited through software. To help harden the SSITH hardware security protections in development, DARPA is hosting its first ever bug bounty program called the Finding Exploits to Thwart Tampering (FETT) Bug Bounty.
January 23, 2019,
DARPA Conference Center
The Information Innovation Office is holding a Proposers Day meeting to provide information to potential proposers on the objectives of the new Guaranteed Architecture for Physical Security (GAPS) program. GAPS will develop hardware and software architectures that can provide physically provable guarantees around high-risk transactions, or where data moves between systems of different security levels. DARPA wants to ensure that these transactions are isolated and that the systems they move across are enabled with the necessary data security assertions. The intended outputs of this program are hardware and software co-design tools that allow data separation requirements to be defined during design, and protections that can be physically enforced at system runtime.